The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Abstract

The ability to quantify risk is essential to the process of budgeting and scheduling. During the process of hiring to complete specified tasks, customers must be able to verify contractor estimates and to make sound judgments on the risks of cost overruns and time delays. The following two questions are central to this paper: Do developers with little experience over-estimate or under-estimate the complexity of the task because of their past experience, the assumptions they make, the models they select, and how they define the model parameters? What are the sources of risk associated with project cost estimation? How can such risk be quantified? To address these questions, this paper proposed a systematic acquisition process that is aimed at assessing and managing the risks of cost overruns and time delays associated with software development.

The proposed acquisition process, which is composed of four phases (listed below), is grounded on the following three basic premises: a) Any single-value estimate of cost or completion time is inadequate to capture and represent the variability and uncertainty associated with cost and schedule. Probabilistic quantification is advocated, using, in this paper, the fractile method and triangular distribution. b) The common expected value when used as a measure of risk, is inadequate; further, if used as the sole measure of risk, it may lead to inaccurate results. The conditional expected value of risk of extreme events is adopted to supplement and complement the common unconditional expected value. c) Probing the sources of risks and uncertainties associated with cost overruns and time delays in software development is essential for the ultimate management of technical and nontechnical risks. The Taxonomy-Based Questionnaire developed by the Software Engineering Institute is adopted.

These basic premises have led to the development of the following four phases in the proposed acquisition process: Phase I, constructing the probability density functions; Phase II, probing the sources of risks and uncertainties; Phase II, analyzing and regarding the likelihood of technical and non-technical risks; and Phase IV, drawing conclusions on the basis of the accumulated evidence and ultimately selecting the contractors most likely to complete the project without major cost overruns or time delays. The three example problems are presented to demonstrate the construction of the probability density functions in Phase I and to explain in a more general way the effort involved in Phases II through IV.

Haimes, Yacov., & Chittister, Clyde. (1993). An Acquisition Process for the Management of Risks of Cost Overrun and Time Delay Associated with Software Development (CMU/SEI-93-TR-028). Retrieved October 16, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=11987